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DETAILED ACTION 

1. Applicant's response filed on January 22, 2008 has been carefully considered. 
Claims 1-24 are pending. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability 
shall not be negatived by the manner in which the invention was made. 

3. Claims 1, 3-5, 7, 10-12, 14-16, 18, 23-24 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Battle et al. (U.S. Patent No. 7,136,381 B2), hereinafter "Battle", in 
view of Kanno et al. (U.S. Patent No. 6,069,971 ), hereinafter "Kanno". 

Referring to claim 1 : 

i. Battle teaches: 

A method of providing physical port security in a digital communication 

system, comprising: 

receiving a frame of digital data at a network device (see column 4, lines 
62-67; and column 5, line 16-column 7, line 43 of Battle); 

generating a destination port bit map [i.e., egress port table] based on the 
destination address information contained in said frame of digital data (see column 4, lines 62- 
67; and column 5, line 16-column 7, line 43, [i.e., the port bit map is generated based on the 
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packet's Opcode, the destination port ID, the destination module ID, and a corresponding entry 
in a table], of Battle, emphasis added); 

comparing said destination port bit map with a physical port security bit 
map to generate a bit map of allowed destination ports, wherein said physical port security bit 
map [i.e., varPORTBITMAP] is generated based on information in said received frame of 
digital data (see e.g. figure 6, element 'Does any port in varPORTBITMAP belong to a trunk 
group in the trunk table', element 'Calculate the HASH using the DA [i.e., destination address] 
and SA [i.e., source near address] in the packet'; and column 6, lines 12-30, particular note 
'RTAG 2 RTAG identifies the trunk selection criteria for this trunk group 0: based on DA 
[i.e., destination address] + SA [i.e., source address]', of Battle, emphasis added); and 

forwarding said frame of digital data to one or more of said allowed 
destination ports (see column 6, lines 12-19 'The Trunk Group Table is used to derive the 
egress port when a packet has to go out on a trunk port', of Battle). 

However, Battle does not specifically mention a separate physical security 

bit map. 

ii. Kanno teaches a pattern comparison inspection system wherein Kanno 
discloses generate two separate bit maps and the compare the two separate bit maps (see 
figure 9; and column 9, lines 28-38 "of Referring to FIG. 9, design pattern data 108 is 
converted into a gray level bit map (i.e., a reference bit map) 31 by occupancy calculating 
portion 23 and gray level bit map generating portion 24. EB pattern data 1 09 is also converted 
into a gray level bit map (i.e., an inspected bit map) 32 . Bit map comparing portion 27 
makes a comparison between reference bit map 31 and inspected bit map 32 and 
calculates an absolute value of each pixel value difference to generate a comparison result 33. 
It can be seen that the pixel value differences within comparison result 33 are all equal to or 
less than 0.50.", Kanno, emphasis added). 

iii. It would have been obvious to a person of ordinary skill in the art at the 
time the invention was made to combine the teaching of Kanno into the method of Battle to 
generate a separate physical security bit map. 

iv. The ordinary skilled person would have been motivated to have applied 
the teaching of Kanno into the system of Battle to generate a separate physical security bit 
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map, because Battle teaches using the information provided in a packet to generate a port 
bitmap, and then modifying the ports in the port bitmap by looking up the specific port(s) in the 
port bit map (see column 5, lines 48-55; and figure 6, of Battle). On the other hand, Kanno 
teaches comparing one bit map with another bit map so that "It can be seen that the pixel 
value differences within comparison result 33" (see column 9, lines 26-27 of Kanno, emphasis 
added). Therefore, Kanno's teaching could enhance Battle's system to find out which port(s) 
need to be added and/or removed. 
Referring to claims 7, 18 : 

Battle and Kanno teach the claimed subject matter: a method of providing 
physical port security in a digital communication system (see claim 1 above). Battle further 
discloses the router (see column 1 , line 41 of Battle). 
Referring to claim 10 : 

Battle and Kanno teach the claimed subject matter: a method of providing 
physical port security in a digital communication system (see claim 1 above). Battle further 
discloses the process (see column 2, line 60 of Battle). 
Referring to claim 1 1 : 

Battle and Kanno teach the claimed subject matter: a method of providing 
physical port security in a digital communication system (see claim 1 above). Battle further 
discloses that the bit map is generated dynamically (see column 5, lines 48-55 of Battle). 
Referring to claims 3-5, 14-16, 23 : 

Battle and Kanno teach the claimed subject matter: a method of providing 
physical port security in a digital communication system (see claim 1 above). Battle further 
discloses the source address and the destination address of the digital data frame (see column 
1, lines 43-49 of Battle). 

Referring to claim 12 : 

i. Battle teaches: 

A system for providing physical port security, comprising: 
At least one processor within a network device, said network device 
having a communication port for receiving digital data from a digital communications system 
and two or more physical data ports for forwarding said digital data, said at least one of 
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processor enables (see column 4, lines 62-67; and column 5, line 16-column 7, line 43 of 
Battle): 

Generation of a destination port bit map based on destination address 
information contained in said received digital data (see column 4, lines 62-67; and column 5, 
line 16-column 7, line 43, [i.e., the port bit map is generated based on the packet's Opcode, 
the destination port ID, the destination module ID, and a corresponding entry in a table], of 
Battle, emphasis added); 

Comparing of said destination port bit map within a physical port security 
bit map to generate a bit map of allowed destination ports, wherein said physical port security 
bit map is generated based on information within said received digital data (see e.g. figure 6, 
element 'Does any port in varPORTBITMAP belong to a trunk group in the trunk table', 
element 'Calculate the HASH using the DA [i.e., destination address] and SA [i.e., source near 
address] in the packet'; and column 6, lines 12-30, particular note 'RTAG 2 RTAG identifies 
the trunk selection criteria for this trunk group 0: based on DA [i.e., destination address] + SA 
[i.e., source address]', of Battle, emphasis added); and 

Forwarding of said digital data to one or more of said allowed destination 
ports (see column 6, lines 12-19 'The Trunk Group Table is used to derive the egress port 
when a packet has to go out on a trunk port', of Battle). 

However, Battle does not specifically mention a separate physical 

security bit map. 

ii. Kanno teaches a pattern comparison inspection system wherein Kanno 
discloses generate two separate bit maps and the compare the two separate bit maps (see 
figure 9; and column 9, lines 28-38 "of Referring to FIG. 9, design pattern data 108 is 
converted into a gray level bit map (i.e., a reference bit map) 31 by occupancy calculating 
portion 23 and gray level bit map generating portion 24. EB pattern data 1 09 is also converted 
into a gray level bit map (i.e., an inspected bit map) 32 . Bit map comparing portion 27 
makes a comparison between reference bit map 31 and inspected bit map 32 and 
calculates an absolute value of each pixel value difference to generate a comparison result 33. 
It can be seen that the pixel value differences within comparison result 33 are all equal to or 
less than 0.50.", Kanno, emphasis added). 
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iii. It would have been obvious to a person of ordinary skill in the art at the 
time the invention was made to combine the teaching of Kanno into the method of Battle to 
generate a separate physical security bit map. 

iv. The ordinary skilled person would have been motivated to have applied 
the teaching of Kanno into the system of Battle to generate a separate physical security bit 
map, because Battle teaches using the information provided in a packet to generate a port 
bitmap, and then modifying the ports in the port bitmap by looking up the specific port(s) in the 
port bit map (see column 5, lines 48-55; and figure 6, of Battle). On the other hand, Kanno 
teaches comparing one bit map with another bit map so that "It can be seen that the pixel 
value differences within comparison result 33" (see column 9, lines 26-27 of Kanno, emphasis 
added). Therefore, Kanno's teaching could enhance Battle's system to find out which port(s) 
need to be added and/or removed. 

Referring to claims 24 : 

Battle and Kanno teach the claimed subject matter: an intermediate network 
device (see claim 12 above). Battle further discloses that the bit map is dynamically altered 
based on a variable parameter (see column 5, lines 48-55 of Battle). 

4. Claims 2, 6, 8-9, 13, 17, 19-22 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Battle et al. (U.S. Patent No. 7,136,381 B2) in view of Kanno et al. (U.S. 
Patent No. 6,069,971), and further in view of Wieget (U.S. Patent No. 6,484,261 B1). 

Referring to claims 6, 17, 22 : 

i. Battle and Kanno teach the claimed subject matter: a method of providing 
physical port security in a digital communication system, (see claim 1 above). However, they 
do not specifically mention the IP address. 

ii. Wieget teaches a graphical network security policy management wherein 
Wieget discloses the IP address (see column 2, lines 14 of Wieget). 

iii. It would have been obvious to a person of ordinary skill in the art at the 
time the invention was made to combine the teaching of Wieget into the method of Battle to 
use IP address. 
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iv. The ordinary skilled person would have been motivated to have applied 
the teaching of Wieget into the system of Battle to the IP address, because Battle teaches 
using the information provided in a packet to generate a port bitmap (see column 5, lines 48-55 
of Battle). And IP address is the information contained in the packet. Therefore, Wieget's 
teaching could enhance Battle's system. 
Referring to claims 2, 13 : 

Battle, Kanno, and Wieget teach the claimed subject matter: a method of 
providing physical port security in a digital communication system (see claim 1 above). They 
further disclose the logical AND (see column 18, line 7 of Wieget). 
Referring to claim 21 : 

Battle, Kanno, and Wieget teach the claimed subject matter: an intermediate 
network device (see claim 12 above). They further disclose the IP data (see column 2, lines 
14 of Wieget). 

Referring to claims 9, 20 : 

Battle, Kanno, and Wieget teach the claimed subject matter: an intermediate 
network device (see claim 12 above). They further disclose the local area network (see 
column 10, line 52-55 of Wieget) 
Referring to claims 8, 19 : 

Battle, Kanno, and Wieget teach the claimed subject matter: an intermediate 
network device (see claim 12 above). They further disclose the network file server (see 
column 10, line 52-55 of Wieget). 

Response to Arguments 

5. Applicant's arguments, filed on January 22, 2008, have been fully considered 
and are persuasive. Therefore, the rejection has been withdrawn. However, upon further 
consideration, a new ground(s) of rejection is made in view of Kanno. 
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Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Joseph Pan whose telephone number is 571-272-5987. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached at 571-272-3859. The fax and phone numbers for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 571-272-2100. 



Joseph Pan 
April 28, 2008 
/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



